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C. REMARKS 

Applicants respectfully request reconsideration of the outstanding rejections and 
reexamination of the present application in light of the following amendments and 
remarks. 

Status of the Claims 

Claims 1-9 are pending in the application. Claims 10-25 are canceled. 

In this Amendment, Applicans have canceled claims 10-25 from further 
consideration in this application. Applicant is not conceding that the subject matter 
encompassed by claims 10-25 prior to this Amendment is not patentable over the art 
cited by the Examiner. Claims 10-25 were cancelled in this Amendment solely to 
facilitate expeditious prosecution of allowable subject matter. Applicant respectfully 
reserves the right to pursue claims, including the subject matter encompassed by claims 
1 0-25, as presented prior to this Amendment and additional claims in one or more 
continuing applications. 

Claim Rejection - 35 USC 101 

The Office Action rejects claim 19 under 35 USC 101 as allegedly directed to 
non-statutory subject mater. [Office Action, p. 2] Regardless of whether this rejection is 
correct, Applicants have canceled claim 19 in the present application, therefore the 

Alleged Obviousness under 35 USC 103(a) 

Claims 1-25 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Baker (US Patent 5,428,349) in view of Hoover (US Patent 6,209,102). [Office Action, 
p. 3] Claim 1 0-25 are canceled, therefore the rejection of these claims is no longer 
applicable in the present application. As to the rejection of claims 1-9, Applicants 
traverse the rejection of the pending claims. 

As noted in the Office Action, under 35 USC §1 03(a) a patent may not be 

obtained though the invention is not identically disclosed as described as set forth in 
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section 102 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to 
which said subject matter pertains. In Graham v. John Deere, the Supreme Court 
clarified that "under 103, in considering the obviousness or nonobviousness of the 
subject matter, the scope and content of the prior art are to be determined; differences 
between the prior art and the claims at issue are to be ascertained; and the level of 
ordinary skill in the pertinent art resolved, in addition to evaluating evidence of 
secondary considerations." Graham, 383 U.S. 1, 148 USPQ 459 (1966). 

The Examiner bears the initial burden of supporting any prima facie conclusion of 
obviousness. See In re Rinehart, 531, F.2d 1048, 189, USPQ 143 (CCPA 1976); KSR 
International Co. v. Teleflex Inc., 82 USPQ2d 1385, 1396 (2007); MPEP 2142. The key 
to supporting a rejection under 35 USC 103 is the clear articulation of the reasons why 
the claimed invention would have been obvious; the analysis supporting a rejection 
under 35 USC 103 should be made explicit. See KSR International Co., 82 USPQ2d at 
1396; MPEP 2142 (Rev. 6, Sept. 2007). 

Applicants traverse the rejection of claims 1-9. Applicants respectfully assert that 
the Office Action fails to establish a prima facie case of obviousness because the Office 
erred in the Graham factual findings and there is no clear articulation of the rationale 
supporting a conclusion of obviousness. Because the Office Action fails to establish a 
prima facie case of obviousness, Applicants respectfully request withdrawal of the 
rejection under 35 USC 103(a) and allowance of the claims. 

Claim 1 

Claim 1, as currently presented, reads: 

Claim 1 (Previously Presented): A computer-implemented method for 
secure password entry, comprising: 

displaying a password prompt comprising a changing stream of 
random characters, wherein a particular character within said changing 
stream of random characters is displayed at a visibly detectable higher 
frequency; and 
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receiving input to increment or decrement said particular character 
to reach a password character of a password. 

Applicants respectfully assert that the Office has erred in finding a prima facie 
case of obviousness as to claim 1 because under a proper Graham analysis, when 
Baker and Hoover are considered as a whole, the references, do not teach the 
elements of claim 1 and there is no clear statement as to the rationale for one of 
ordinary skill in the art finding claim 1 as a whole obvious in view of the differences 
between Baker and Hoover and claim 1 . 

First, in the Graham inquiry, as to the scope and contents of Baker, the Office 

Action cites Figures 2-4 and the abstract of Baker as reading on the claimed element of 

a computer-implemented method for secure password entry . [Office Action, p. 3] The 

abstract of Baker describes: 

"a password access method/algorithm is effected by generating a 
pseudorandom array of each letter of the alphabet and the numerals 0 and 
9 such that the password entry can be monitored without disclosing the 
letters or numerals contained in the password. The preferred 
arrangement is a square matrix of six rows and six columns of characters. 
The user enters the password by selecting either the row or column 
containing each letter of a memorized password." 

Figures 2 and 3 of Baker describe I/O displays of Figure 1 (Baker, col. 2, lines 24-28) 
and Figure 4 of Baker describes a flow diagram for the password entry algorithm of 
Baker (Baker, col. 3, lines 13-15). Thus Baker describes itself within the field of 
"password entry". 

In addition, as to the scope and contents of Baker, the Office Action cites "8" in 
Figs. 2 and 3 as reading on the claimed element of displaying a password prompt 
comprising a changing stream of random characters . [Office Action, p. 3] "8" in Figs. 2 
and 3, refers to the "thirty-six characters" including twenty-six letters of the alphabet plus 
the integers zero through nine. Baker, col. 2, lines 60-63. Baker describes an I/O 
device that "displays a random array of characters 8 consisting of six columns and six 
characters each." Baker, col. 2, lines 58-61. Col. 3, lines 28-44 and col. 4, lines 5-10 of 
Baker specify that for each letter of a password, the same thirty-six characters, 
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representing each letter of the alphabet and each number, are randomly ordered into an 
array and concurrently displayed together in a matrix of nine by four or six by six 
proportion. Thus, Baker describes concurrently displaying a different matrix of all 36 
characters for each letter of a password. 

Further, as to the scope and contents of Baker, the Office Action cites steps 22 
and 23 in Figure 4 as describing "where array of alpha-numeric characters are 
displayed in a visibly detectable frequency" and describes this portion of Baker as 
reading on wherein a particular character within said changing stream of random 
characters is displayed at a visibly detectable higher frequency . [Office Action, p. 3] 
Step 22 in Figure 4 of Baker describes "generate random ordered alpha-numeric array 
of 0. . .9 and A. . .Z" and step 23 of Figure 4 of Baker describes "display random alpha- 
numeric array as NxM matrix of N rows and M columns." Within the specification of 
Baker, steps 22 and 23 of Figure 4 are described as "a pseudorandom algorithm is used 
22 to randomly order the integers zero through nine and letters A through Z. The nature 
of the particular pseudorandom algorithm is important only to the extent that it has a 
nearly uniform distribution such that all the possible sequences of the alphanumeric 
characters occur with nearly equal likelihood" and "the randomly ordered characters are 
then displayed 23 in an N by M matrix where N times M is thirty-six. A six by six matrix 
is used in the preferred embodiment although a nine by four and four by nine matrix are 
other possible arrangements." Baker, col. 3, lines 15-32. Applicants respectfully submit 
that even without considering Baker in its entirety, it is clear from the portions of Baker 
cited that Baker describes generating an array of the same set of 36 different 
characters, for each password letter entry, and displaying the array of the same 36 
different characters at the same time in a matrix. Baker's description of an algorithm 
that is "pseudorandom to the extent that it has a nearly uniform distribution such that all 
possible sequences of the alphanumeric characters occur with nearly equal likelihood" 
describes making sure that the same random array of the set of 36 different characters 
for concurrent display does not continue to be generated. Applicants respectfully 
submit that displaying a different random array of the same set of 36 different 
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characters in a matrix for each password letter entry as described in Baker does not 
describe "where array of alpha-numeric characters are displayed in a visibly detectable 
frequency" as claimed in the Office Action. In addition, as will be further discussed, 
concurrently displaying the same set of 36 different characters in a matrix does not 
teach any character that is displayed at a visibly detectable higher frequency. 

The Office Action states that Baker does not explicitly teach receiving input to 
increment or decrement said particular character to reach a password character of a 
password . [Office Action, p. 3] The Office Action cites Hoover, figures 1 and 2, and for 
example col. 2, lines 36-63, as reading on receiving input to increment or decrement 
said particular character to reach a password character of a password . [Office Action, 
p. 3] 

In considering the scope and content of Hoover, Hoover in general describes 
selecting a password by selecting one of multiple displayed fields containing characters, 
where if a hacker is tracking a user's keyboard or mouse entries, the hacker cannot 
determine a password selection from the keyboard or mouse based selections of fields. 
Hoover, abstract, col. 2, lines 6-9. Col. 2, lines 36-63 of Hoover read: 

In yet another embodiment, shown in FIG. 1 , a randomly initialized 
"bingo card" could be displayed, with the user entering the PIN by clicking 
on the correct character in each column of the bingo card. The current 
PIN could be displayable adjacent to the bingo card (FIG. 1 ) or the 
selected PIN characters could be highlighted on the bingo card. The 
current PIN could be displayable adjacent to the bingo card (FIG. 1 ) or the 
selected PIN characters could be highlighted on the bingo card, e.g. by 
changing the color or shading of the selected characters. 

In still other embodiments, the user-selectable fields could be 
simply displayed as a series of character boxes, much like a crossword 
puzzle or fill-in-the blank game, with each field being initialized to an 
unpredictable alphanumeric character. For example, for a six-digit PIN, 
the system starts by displaying six random digits. To select his PIN, the 
user cursors through the digits. At each digit, he hits the up or down arrow 
key (to increment the digit by +1 or -1) an appropriate number of times 
until the desired digit appears. 

Alternatively, as shown in FIG. 2, each particular, initially random 
PIN digit could be adjusted to the correct value by clicking on the 
corresponding "+" or "-" buttons. 
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Alternatively, two rows of digits could be used. One row could 
display an initially random PIN digit sequence. The user would input to an 
adjacent row an offset digit sequence such that the correct PIN digit 
sequence was formed when offset digit sequence row was added to the 
initially random PIN digit sequence row. The resulting correct PIN digit 
sequence could be displayed adjacent to the other two rows. 

In addition, Figure 1 of Hoover describes an example where for each password 
character, multiple possible fields are displayed and a user clicks on one of the fields as 
the password character and Figure 2 of Hoover describes a user viewing a selected 
random number and then selecting an increment or decrement field to reach a 
password character. Thus, Hoover describes a user selecting a field that displays a 
character or the user entering input to increment or decrement a digit displayed in a 
field. 

In considering the differences between Baker and Hoover and claim 1 , 
Applicants note that a first difference between the references and claim 1 is neither 
Baker nor Hoover teach a particular character of the changing stream of characters 
displayed at a visibly detectable higher frequency, nor does the rejection of claim 1 
address these elements. In particular, the Office Action cites Baker as reading on 
"where array of alpha-numeric characters are displayed in a visibly detectable 
frequency", which does not address the claimed element of a particular character of the 
changing stream of characters displayed at a visibly detectable higher frequency. In 
addition, neither the Office Action nor Baker teaches any particular character that is 
included in a changing stream of characters or any particular character that is displayed 
at visibly detectable higher frequency within the changing stream of characters. 

In addition, in considering the scope and contents of Baker, Applicants 
respectfully note that a prior art reference must be considered in its entirety, i.e. as a 
whole, including portions that would lead away from the claimed invention. W.L. Gore & 
Associates, Inc., v. Garlock, Inc., 721 F.2d 1540, 220 USPQ 303 (Fed. Cir. 1983). 
When Baker is considered as a whole, it is clear Baker teaches away from the claimed 
element of a particular character in a stream of characters displayed at a visibly 
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detectable higher frequency. As a whole, Baker describes the importance of each 
possible character of the 36 different characters appearing in the matrix with equal 
probability. Baker, col. 2, lines 1-6. In particular, Baker describes that for each 
password letter to be selected, the same set of 36 different characters is displayed and 
the user only selects the row or column that displays the letter of the password, so that 
"since the successive characters of the memorized password appear with equal 
probability in columns or rows of the matrix, the actual columns or rows selected are 
most likely different each time the password is entered." Baker, col. 2, lines 1-6, col. 3, 
line 63- col. 4, line 19. Thus, Applicants submit that Baker's description of displaying 
the same set of 36 different characters for each password entry teaches away from any 
particular character being displayed at a visibly detectable higher frequency because 
displaying any single character at a visibly detectable higher frequency would allow an 
unauthorized user to more easily determine which character a user selects within a row 
or column, if that character also appeared in other rows or columns. 

Thus, in view of Baker's description of a displayed array of a same set of 36 
different characters displayed at a same frequency, a clear difference between Baker 
and Hoover and the claimed element of changing stream of random characters, wherein 
a particular character within said changing stream of random characters is displayed at 
a visibly detectable higher freguencv , is that neither Baker nor Hoover separately or in 
combination teach a particular character within said changing stream of random 
characters displayed at visibly detectable higher frequency. In addition, a clear 
difference between Baker and Hoover and claim 1 is that Baker and Hoover both 
describe concurrently displaying a set of all possible characters for a password, but 
neither teach a displaying a password prompt comprising a changing stream of 
characters. 

Second, in considering the differences between Baker and Hoover and the 
claimed element o f receiving input to increment or decrement said particular character 
to reach a password character of a password . Applicants respectfully note that in 
considering claim 1 as a whole, the particular character displayed in the password 
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prompt at a higher frequency is the character within the changing stream that the user 
enters input to increment or decrement to reach a password character of a password. 
Thus, a difference between Baker and Hoover and claim 1 is that Baker describes a 
user selecting a row or column in which a character of a password is displayed and 
Hoover describes a user using keystrokes or a mouse selection to select one of multiple 
displayed fields containing a character or to increment or decrement a digit displayed in 
a field, therefore, clearly neither Baker nor Hoover separately or in combination describe 
a user providing inputs that would adjust the particular character displayed at a higher 
frequency within a random stream of characters. In particular, Baker and Hoover, 
separately or in combination, are different from claim 1 because Baker and Hoover do 
not teach that if in a random stream of characters displayed at a password prompt, the 
character "A" is displayed at a visibly detectable higher frequency than other characters 
in the stream and if the user enters input to increment, the character displayed at a 
higher frequency in the stream changes to "B". 

Therefore, in view of the scope and content of Baker and Hoover and the 
differences between Baker and Hoover and claim 1 , it is clear that the differences 
between Baker and Hoover and claim 1 are not such that claim 1 as a whole would 
have been obvious to one with skill in the art at the time of the invention. In particular, 
regardless of the Examiner's stated rationale for obviousness, it is clear that the gap 
between the prior art and claim 1 is so wide as to render the claims nonobvious to one 
of ordinary skill in the art. Clearly Baker only describes changing the order of a set of 
character concurrently displayed within an array of characters; Baker does not teach a 
changing stream of random characters or a changing stream of random characters with 
one of the characters displayed at a visibly detectable higher frequency. Hoover 
describes a user selecting to a field displaying a password character or incrementing or 
decrementing a character displayed in a field. It would not be obvious to one of ordinary 
skill in the art at the time of the invention to first modify Baker to teach changing an 
array of 36 characters concurrently displayed to instead teach a changing stream of 
characters displayed at a password prompt, to second modify Baker to teach one of the 
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characters to be displayed at a visibly detectable higher frequency in the changing 
stream of characters, and third to then modify Hoover's description of incrementing or 
decrementing the value of a digit in a field to instead teach incrementing or 
decrementing a particular character displayed at a higher frequency within a changing 
stream of characters. 

As to the rationale stated in the Office Action for why claim 1 would have been 
obvious to one of ordinary skill in the art at the time the invention was made, the Office 
Action concludes that "it would have been obvious to a person having ordinary skill in 
the art at the time of Applicant's invention to combine the teachings of Hoover and 
Baker because both inventions are directed to a method of password entry system. 
One having ordinary skill in the art would be motivated to incorporate the input 
increment and decrement feature of Hoover into the password entry method of Baker in 
order to prevent an attacker from downloading keystrokes or character positions when 
an authorized user enters password to gain an access to a secured system." [Office 
Action, p. 3] 

Applicants note that rejections on obviousness cannot be sustained by mere 
conclusory statements; instead there must be some articulated reasoning with some 
rational underpinning to support the legal conclusion of obviousness. KSR International 
Co. v. Teleflex Inc., 82 USPQ2d 1385, 1396 (2007); MPEP 2141. In particular, because 
there are significant differences between Baker and Hoover and claim 1 , including a 
lack of any teaching of a changing stream of random characters or a particular 
character within the changing stream displayed at a visibly detectable higher frequency, 
to establish a prima facie case of obviousness, the Office Action should include a clear 
articulation of a rationale for why, in view of the actual scope and content of Baker and 
Hoover and the differences between Baker and Hoover and claim 1, claim 1 would have 
been obvious to one of ordinary skill in the art at the time of the invention. KSR, 82 
USPQ2d at 1396; MPEP 2141 . The conclusory statement as to obviousness stated 
with regard to claim 1 does not clearly articulate why one of ordinary skill in the art at 
the time of invention would have found claim 1 obvious despite the fact that Baker and 

AUS920040101US1 13 



PATENT 
10/849,610 



Hoover do not teach at least one of the elements as taught in claim 1 . As indicated by 
Applicants' comparison of the prior art as a whole with claim 1 as a whole, and the 
number and complexity of modifications required to reach claim 1 as a whole through 
the combination of the prior art, Applicants respectfully assert that a mere statement of 
a reason that a person of ordinary skill in the art might combine Baker and Hoover 
based on preventing an attacker from downloading keystrokes or character positions 
does not reach the level of articulated reasoning within some rational underpinning 
required to support the legal conclusion of obviousness required under 35 USC 101 and 
KSR International, and further does not clearly articulate any of the rationales stated in 
section 2100 of the MPEP as exemplary rationales. Because there is no clear and 
explicit articulated reasoning with a clear rationale underpinning to support the legal 
conclusion of obviousness, the Office Action fails to establish a prima facie case of 
obviousness as to claim 1 . 

Therefore, because a proper Graham factual findings indicate differences 
between Goal and Hyponnen and claim 1 and no clear articulation of the reasons why 
the claimed invention of claim 1 would have been obvious is provided, the Office erred 
in finding prima facie obviousness as to claim 1 . MPEP 2141 , IV. Because the Office 
fails to find prima facie obviousness as to claim 1 , Applicants respectfully request 
withdrawal of the rejection under 35 USC 103(a) and allowance of the claims. 

Claims 2-9 

Applicants respectfully assert that because claim 1 is nonobvious under 35 USC 103(a), 
claims 2-9 which depend on claim 1 are also nonobvious and should be allowed. In re 
Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988). 

Claim 2 

In addition, Applicants respectfully assert that claim 2 is not obvious under Baker and 

Hoover. Claim 2 as originally presented reads: 

Claim 2 (Original): The method according to claim 1 for secure password 
entry, further comprising: 
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displaying a plurality of character positions, wherein a stream of 
random characters is displayed in each of said plurality of character 
positions, wherein a particular position from among said plurality of 
character positions provides said password prompt. 

Applicants respectfully assert that the Office has erred in finding a prima facie 
case of obviousness as to claim 2 because under a proper Graham analysis, when 
Baker and Hoover are considered as a whole, the references, do not teach the 
elements of claim 2 and there is no clear statement as to the rationale for one of 
ordinary skill in the art finding claim 2 as a whole obvious in view of the differences 
between Baker and Hoover and claim 2. 

First, in the Graham inquiry, as to the scope and contents of Baker, the Office 
Action cites Figures 2-3 and col. 2, line 57-col. 3, line 12 of Baker as describing "where 
plurality of character positions of positions are displayed" and as reading on the claimed 
element of displaying a plurality of character positions, wherein a stream of random 
characters is displayed in each of said plurality of character positions and step 24 of Fig. 
4 and col. 3, lines 12-44 of Baker as describing "where user selects a particular 
position" and as reading on wherein a particular position from among said plurality of 
character positions provides said password prompt . [Office Action, p. 5] The Office 
Action does not consider Hoover separately as to claim 2. 

Second, in the Graham inquiry, as to the differences between Baker and Hoover 
and claim 2, Applicants respectfully assert that a clear difference between Baker and 
claim 2 is that Figures 2 and 3 of Baker describes a password prompt that includes, for 
each password character entry, a separate display of a matrix of a set of 36 different 
characters, where the user selects a row or column that includes the password 
character. Baker's password prompt of a matrix of 36 characters and options for a user 
to select a row or column does not teach displaying multiple character positions, with a 
different stream of random characters in each position, with a particular position 
providing the password prompt. 

In view of the differences between Baker and claim 2 and the lack of teaching 
stated by the Examiner in claim 1 as to a displayed password prompt in Baker, 
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Applicants respectfully assert that as to claim 2, establishing a prima facie case of 
obviousness requires an articulation of why in view of the differences between Baker 
and Hoover and claim 2, claim 2 as a whole would have been obvious under Baker and 
Hoover to one skilled in the art at the time of the invention. 

Claim 5 

In addition, Applicants respectfully assert that claim 5 is not obvious under Baker and 

Hoover. Claim 5 currently reads: 

Claim 5 (Currently Amended): The method according to claim 1 for 
secure password entry, further comprising: 

responsive to receiving input of a character selection input for 
selecting i nd i cat i ng that said particular character, selecting said particular 
character as said password character from among a plurality of separately 
selectable password characters of said password; and 

responsive to receiving input of a password completion character 
indicating that said password is complete, securely passing each 
separately selected password character of said password to a requesting 
software layer. 

Applicants note that claim 5 is amended to correct a typographical error, which is 
supported in the specification, therefore no new matter is added through the 
amendment to the claim. 

Applicants traverse the rejection of claim 5 in view of the amendments to claim 5. 
The Office Action cites steps 27-31 of Baker as describing "where last element of the 
password is entered and access is either permitted or denied" and as reading on the 
element of responsive to receiving input of a password completion character indicating 
that said password is complete, securely passing said password to a requesting 
software layer . [Office Action, p. 5] 

The differences between Baker and Hoover and claim 5 are clear. Baker only 
describes that when the user selects the last element of the password, a determination 
is made whether to permit or deny access. Claim 5, however, teaches an input of a 
character selection input for selecting each character of a password and a separate 
input of a password completion character to indicate that the password is complete. 
AUS920040101US1 16 
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Neither Baker nor Hoover teaches the password completion character of claim 5. In 
addition, neither reference teaches securely passing each separately selected 
password character to a requesting software layer. 

Applicants respectfully submit that because Baker would need to be modified to 
teach a user entering a password completion character, separate from the user 
selecting a row or column for a password character and Baker would need to be 
modified to teach sending the selected characters to a requesting software layer, there 
must be some articulated reasoning for the required modifications and there must be 
some rational underpinning to support the legal conclusion of obviousness. KSR 
International Co. v. Teleflex Inc., 82 USPQ2d 1385, 1396 (2007); MPEP 2141. 
Because Baker does not teach each of the claimed elements and there is no sufficient 
rationale stated to support a legal conclusion of obviousness in view of the differences 
between Baker and claim 5, Applicants respectfully assert that the Office Action fails to 
establish a prima facie case of obviousness as to claim 5 and the claim should be 
allowed. 

Claim 8 

Claim 8 is also not obvious under 35 USC 103(a) under Baker in view of Hoover. Claim 

8, as originally presented, reads: 

Claim 8 (Original): The method according to claim 1 for secure password 
entry, further comprising: 

generating said stream of random characters, wherein said 
particular character is randomly selected. 

Applicants respectfully assert that the Office has erred in finding a prima facie 
case of obviousness as to claim 8 because under a proper Graham analysis, when 
Baker and Hoover are considered as a whole, the references, do not teach the 
elements of claim 8 as a whole and there is no clear statement as to the rationale for 
one of ordinary skill in the art finding claim 8 as a whole obvious in view of the 
differences between Baker and Hoover and claim 8. 
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First, in the Graham inquiry, as to the scope and contents of Baker, the Office 
Action cites the abstract, Figures 2 and 3, step 23, and col. 1, line 55 to col. 2, line 10 of 
Baker as describing "where array of random characters are displayed" and as reading 
on generating said stream of random characters, wherein said particular character is 
randomly selected . [Office Action, p. 6] Applicants note, as previously discussed, that 
Baker as a whole describes displaying a matrix with a set of 36 different characters, 
concurrently displayed, for a user to select a column or row that includes a password 
character. To the extent that Baker describes random characters, as noted in the Office 
Action, Baker describes an array of random characters displayed, with Baker as a whole 
describing that the same 36 different characters, which are all possible characters of a 
password, are randomized within each iteration of the array of characters concurrently 
displayed. 

Second, in the Graham inquiry, as to the differences between Baker and Hoover 
and claim 8, Applicants respectfully assert that in considering claim 8 as a whole, 
including the limitations of claim 1 upon which it depends, it is clear that claim 8 teaches 
said particular character which is randomly selected and which is displayed at a visibly 
detecting higher frequency. Applicants respectfully assert that a clear difference 
between Baker and claim 8 is that Baker describes randomizing the order in which the 
same set of 36 different characters are concurrently displayed in a matrix, which does 
not teach generating a stream of random characters or selecting a particular character 
in the stream of random characters to be displayed at a higher frequency. The 
specification of the present application provides an example of this "modified" stream of 
random characters, with one random character displayed at a visibly detectable higher 
frequency throughout, and for example, in paragraph 0018. 

In viewing the scope and content of Baker and Hoover and the differences 
between Baker and Hoover and claim 8, Applicants respectfully assert that the 
differences are not such that claim 8 as a whole would have been obvious to one skilled 
in the art at the time of the invention. In particular, Applicants respectfully assert that 
there is gap between Baker's description of displaying a matrix of a randomly ordered 
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array of a set of 36 different characters and the claimed elements of generating a 
stream of random characters modified with a particular character displayed at a visibly 
detectable higher frequency and the particular character randomly selected, that render 
the claim nonbovious to one with skill in the art. 

Claim 9 

Claim 9 is also not obvious under 35 USC 103(a) under Baker in view of Hoover. Claim 

9, as originally presented, reads: 

Claim 9 (Original): The method according to claim 1 for secure password 
entry, further comprising: 

adjusting a frequency percentage at which said particular character 
is displayed in said stream of random characters. 

Applicants respectfully assert that the Office has erred in finding a prima facie 
case of obviousness as to claim 9 because under a proper Graham analysis, when 
Baker and Hoover are considered as a whole, the references, do not teach the 
elements of claim 9 as a whole and there is no clear statement as to the rationale for 
one of ordinary skill in the art finding claim 9 as a whole obvious in view of the 
differences between Baker and Hoover and claim 9. 

First, in the Graham inquiry, as to the scope and contents of Baker, the Office 
Action states that Baker fails to teach the elements of claim 9 of adjusting a frequency 
percentage at which said particular character is displayed in said stream of random 
characters , but the Office Action states that "Baker teaches displaying randomized 
alpha-numeric matrix array of characters at constant frequency" in Figures 2-3 and step 
23. Applicants note again that Baker as a whole teaches displaying the alpha-numeric 
array of the set of 36 different characters randomized within a displayed matrix. 

Second, in the Graham inquiry, as to the differences between Baker and claim 9, 
it is clear that Baker describes displaying the same set of 36 different characters for 
each password character entry and no portion of Baker describes displaying any 
particular character at a higher or lower frequency than any other character. In addition, 
as previously noted, Baker teaches away from a modification that would increase or 
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decrease the frequency of a particular character, because then an array may be 
displayed that does not include the password character or an array may be displayed 
that includes the password character on more rows or columns than 1 , which would 
significant increase a hacker's success in guessing which rows or columns contained 
the password character, even without having to track previous keystrokes. In contrast, 
claim 9 teaches adjusting the frequency percentage that the high frequency character is 
displayed in a changing stream of random characters at a password prompt, such that a 
hacker might be able to detect the high frequency character, but would still have to 
guess at incrementing or decrementing that character to the password character. 

In viewing the scope and content of Baker and Hoover and the differences 
between Baker and Hoover and claim 8, Applicants respectfully assert that the 
differences are not such that claim 8 as a whole would have been obvious to one skilled 
in the art at the time of the invention. In particular, Applicants respectfully assert that 
there is gap between Baker's description of displaying a randomized alpha-numeric 
matrix array of a set of 36 different characters "at constant frequency" and the claimed 
elements of adjusting a frequency percentage at which a particular displayed at a higher 
frequency is displayed, that requires significant modifications to reach, which renders 
the claim nonbovious to one with skill in the art. 

Applicants note that rejections on obviousness cannot be sustained by mere 
conclusory statements; instead there must be some articulated reasoning with some 
rational underpinning to support the legal conclusion of obviousness. KSR International 
Co. v. Teleflex Inc., 82 USPQ2d 1385, 1396 (2007); MPEP 2141. In particular, because 
there are significant differences between Baker and Hoover and claim 9, to establish a 
prima facie case of obviousness, the Office Action should include a clear articulation of 
a rationale for why, in view of the actual scope and content of Baker and Hoover and 
the differences between Baker and Hoover and claim 9, claim 9 would have been 
obvious to one of ordinary skill in the art at the time of the invention. KSR, 82 USPQ2d 
at 1396; MPEP 2141 . The Office Action concludes that "it would have been obvious to 
a person having ordinary skill in the art at the time of Applicant's invention to modify the 

AUS920040101US1 2 0 



PATENT 
10/849,610 



system of Baker to display characters in an adjusted frequency percentage in order to 
enhance the password entry display unit, which would further discourage and confuse 
an attacker while eavesdropping". [Office Action, p. 6] As indicated by Applicants' 
comparison of the prior art as a whole with claim 9 as a whole, and Baker teaching 
away from the Examiner's proposed modification, Applicants respectfully assert that a 
mere statement of a reason that a person of ordinary skill in the art might combine 
Baker and Hoover based on discouraging and confusing an attacker while 
eavesdropping is not supported by Baker and does not reach the level of articulated 
reasoning within some rational underpinning required to support the legal conclusion of 
obviousness required under 35 USC 101 and KSR International. Because there is no 
clear and explicit articulated reasoning with a clear rationale underpinning to support the 
legal conclusion of obviousness, the Office Action fails to establish a prima facie case of 
obviousness as to claim 9. 

Therefore, because a proper Graham factual findings indicate differences 
between Goal and Hyponnen and claim 9 and no clear articulation of the reasons why 
the claimed invention of claim 9 would have been obvious is provided, the Office erred 
in finding prima facie obviousness as to claim 1 . MPEP 2141 , IV. Because the Office 
fails to find prima facie obviousness as to claim 1 , Applicants respectfully request 
withdrawal of the rejection under 35 USC 103(a) and allowance of the claims. 
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Conclusion 

Applicants note the citation of pertinent prior art cited by the Examiner. 



In view of the foregoing, withdrawal of the rejections and the allowance of the 
current pending claims is respectfully requested. If the Examiner feels that the pending 
claims could be allowed with minor changes, the Examiner is invited to telephone the 
undersigned to discuss an Examiner's Amendment. 



No extension of time is believed to be necessary. If, however, an extension of time is 
required, the undersigned hereby authorizes the Commissioner to charge any fees for 
this extension to IBM Corporation Deposit Account No. 09-0447. 



Respectfully submitted, 

By /Amy J. Pattillo. Reg. No. 46.983/ 
AMY J. PATTILLO 
Registration No. 46,983 
P.O. BOX 161327 
AUSTIN, TEXAS 78716 
ATTORNEY FOR APPLICANTS 
Telephone: 512-402-9820 
Facsimile: 512-306-0417 
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